checks:
  addAllBuiltIn: true
  exclude:
    - "unset-cpu-requirements"
    # Look at https://github.com/kumahq/kuma/issues/8908 to reenable all these
    - dnsconfig-options
    - access-to-secrets
    - minimum-three-replicas
    - no-liveness-probe
    - no-readiness-probe
    - required-label-owner
    - required-annotation-email
    - access-to-create-pods
    - no-node-affinity
    - non-isolated-pod
    - no-rolling-update-strategy
    - writable-host-mount
    - exposed-services
    - use-namespace

customChecks:
- name: "unset-cpu-requests"
  description: "Indicates when containers do not have CPU requests set."
  scope:
    objectKinds:
      - DeploymentLike
  remediation: >-
    Set CPU requests for your container based on its requirements.
    Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.
  template: "cpu-requirements"
  params:
    requirementsType: "request"
    lowerBoundMillis: 0
    upperBoundMillis: 0
